Results 1 to 17 of 17
-
11-01-2013, 05:13 PM #1WHT Addict
- Join Date
- Jan 2012
- Posts
- 135
Some ip opeing 500 page in 10 second, DDOS..?
hi guys,
i am in shared hosting and logged in histats to check the today stats, suddenly from one ip, 400 and increasing pages opened in 8 to 10 seconds..
then i contacted server admin, he is offline, so i blocked that ip in cloudflare, after that page opening stopped
is it ddos..??
that ip is 108.163.156.213
any suggestion is welcome, i am weirdSimple and awesomeGoogle
-
11-01-2013, 05:19 PM #2Digital Marketing Strategist
- Join Date
- Dec 2011
- Location
- Germany
- Posts
- 1,180
Could be HTTP flood, but if it was just a single IP or only a few ones, I rather think it's a spambot/scraper or similar, even though a good DDoS protection could block this as well. The IP is already listed on Project Honey Pot: https://www.projecthoneypot.org/ip_108.163.156.213
➤ Inbound Marketing & real SEO for web hosting providers
✎ Get in touch with me: co<at>infinitnet.de
-
11-01-2013, 05:24 PM #3WHT Addict
- Join Date
- Jan 2012
- Posts
- 135
just a single that ip, but after banning (using cloudflare) it stopped, but if i remove the from cloudflare blocklist in cloudflare means, then it continue to open lot of page, i am not able to identitfy.
where to complain..?? i have to send abuse report to that datacenter..??
don't know what to doSimple and awesomeGoogle
-
11-01-2013, 05:25 PM #4Newbie
- Join Date
- Oct 2013
- Posts
- 13
You obviously did the right thing by blocking it using CloudFlare. Like the previous poster said, since its listed on Project Honey Pot, its most likely a spam bot of some sort.
EDIT:
Having the host/data center block the IP won't really do much. There are hundreds of spam bots on hundreds of IPs.
-
11-01-2013, 05:28 PM #5Digital Marketing Strategist
- Join Date
- Dec 2011
- Location
- Germany
- Posts
- 1,180
➤ Inbound Marketing & real SEO for web hosting providers
✎ Get in touch with me: co<at>infinitnet.de
-
11-01-2013, 05:29 PM #6is a threadkiller
- Join Date
- Jan 2002
- Location
- Ohio
- Posts
- 3,155
Keep it blocked, and move on. I find trying to report abusive IPs to their upstream to be useless most of the time.
Don't like what I say? Ignore me.
-
11-01-2013, 05:35 PM #7WHT Addict
- Join Date
- Jan 2012
- Posts
- 135
Thanks guys for your words,
any script for sites hosted in shared hosting about reporting this type to user ..??
(i am using wordpress)Simple and awesomeGoogle
-
11-01-2013, 05:38 PM #8WHT Addict
- Join Date
- Oct 2013
- Posts
- 174
Try WordFence, I have it installed and I've never had any issues with attacks.
-
11-01-2013, 05:38 PM #9Newbie
- Join Date
- Oct 2013
- Posts
- 13
I think you're referring to blacklists such as the Honeypot project. I'm sure that IP has already been submitted to the major ones. So in other words, there isn't much you have to do at this point.
-
11-01-2013, 05:49 PM #10Web Hosting Master
- Join Date
- Oct 2012
- Location
- Canada
- Posts
- 3,064
That seems like your everyday HTTP attack, you can just block it with .htaccess if you want but CloudFlare is the better option.
█ TrentaHost INC. || Fully Managed DDoS Protected Services Globally (NA - EU - Asia)
█ Reseller Hosting- Pure SSD | Litespeed | Imunify360 | CloudLinux | 24x7 Support | Mailchannels
█ Linux & Windows DDoS Protected SSD VPS - cPanel / WHM | DDoS Protection | Let's Encrypt | Pure-SSD
█ DDoS Protected Locations : Portland, OR (North America) | Amsterdam, NL (Europe) | Singapore (Asia)
-
11-01-2013, 05:50 PM #11WHT Addict
- Join Date
- Jan 2012
- Posts
- 135
After 10 minutes same type of opening pages from 3 more ip..
173.252.102.113
173.252.102.115
69.171.245.2
i blocked these 3 too in cloudflare.
@Buycpanel-Kevin
installing that plugin nowSimple and awesomeGoogle
-
11-01-2013, 07:22 PM #12Web Hosting Industry Expert
- Join Date
- Dec 2007
- Location
- Indiana, USA
- Posts
- 19,196
█ Michael Denney - MDDHosting.com - Proudly hosting more than 37,700 websites since 2007.
█ Ultra-Fast Cloud Shared and Pay-By-Use Reseller Hosting Powered by LiteSpeed!
█ cPanel • Free SSL • 100% Uptime SLA • 24/7 Support
█ Class-leading support that responds in minutes, not days.
-
11-01-2013, 07:23 PM #13Newbie
- Join Date
- Oct 2013
- Location
- Hong Kong
- Posts
- 14
Call the hosting company support to add some auto ban script in the server.
-
11-02-2013, 01:47 AM #14Web Hosting Evangelist
- Join Date
- Jul 2012
- Location
- Charlotte, NC, US
- Posts
- 513
I would recommend to use projecthoneypot module/plugin/custom code to protect your account from such DDOS. This will protect your shared hosting account from over utilization of resources.
ⓐ➒AlphaNine
✿Shared hosting | cPanel/WHM reseller | KVM VPS | Dedicated Servers | SSL | VoIP | Management |
✿99.9% uptime | 24/7 Support | Easy Control Panels | Operating Since 2000 |
-
11-02-2013, 12:41 PM #15Temporarily Suspended
- Join Date
- Jul 2011
- Posts
- 96
Perhaps a crawler of some sort or it could be a L7 flood.
-
11-02-2013, 12:47 PM #16
-
11-03-2013, 09:36 AM #17Web Hosting Evangelist
- Join Date
- Jul 2012
- Location
- Charlotte, NC, US
- Posts
- 513
Ah you should check with your scripting once may be there is a loop request coming from Facebook. If you are you such apps connecting facebook
Similar Threads
-
DDoS attack - 500 internal server error
By DewlanceHosting in forum Hosting Security and TechnologyReplies: 12Last Post: 08-11-2011, 04:02 PM -
Cpanel Suspended page error 500
By Alex597 in forum Hosting Software and Control PanelsReplies: 2Last Post: 04-09-2010, 09:00 PM -
500+ ip DDoS-ing my vps
By newbie_security in forum VPS HostingReplies: 7Last Post: 02-07-2010, 10:18 PM -
3,500+/day Page Views - Starting @ $2.25
By gilbert in forum Advertising OffersReplies: 0Last Post: 11-23-2005, 11:52 AM -
ADVERTISING - 500,000 Page Views A Week - $25
By Duncan_Elude in forum Other Offers & RequestsReplies: 7Last Post: 02-01-2003, 05:52 PM